{"id":"USN-4589-1","summary":"containerd vulnerability","details":"It was discovered that containerd could be made to expose sensitive\ninformation when processing URLs in container image manifests. A\nremote attacker could use this to trick the user and obtain the\nuser's registry credentials.\n","modified":"2026-02-10T04:41:57Z","published":"2020-10-15T19:58:02Z","related":["UBUNTU-CVE-2020-15157"],"upstream":["CVE-2020-15157","UBUNTU-CVE-2020-15157"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-4589-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-15157"}],"affected":[{"package":{"name":"containerd","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/containerd@1.2.6-0ubuntu1~16.04.4?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.2.6-0ubuntu1~16.04.4"}]}],"versions":["0.2.1-0ubuntu4~16.04","0.2.3-0ubuntu1~16.04","0.2.5-0ubuntu1~16.04.1","1.2.6-0ubuntu1~16.04.2","1.2.6-0ubuntu1~16.04.3"],"ecosystem_specific":{"binaries":[{"binary_name":"containerd","binary_version":"1.2.6-0ubuntu1~16.04.4"},{"binary_name":"golang-github-docker-containerd-dev","binary_version":"1.2.6-0ubuntu1~16.04.4"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-4589-1.json","cves_map":{"ecosystem":"Ubuntu:16.04:LTS","cves":[{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2020-15157"}]}}}],"schema_version":"1.7.3"}